Using its DoubleClick ad network, Google has been dodging a privacy setting in Safari, the primary Web browser on the iPhone and iPad, according to a report today by Stanford’s Security Lab and the Center for Internet and Society. The study named three other companies — Vibrant Media Inc., Media Innovation Group LLC and PointRoll Inc. — that also evaded privacy settings.
“Apple’s Safari Web browser is configured to block third- party cookies by default,” Stanford graduate student Jonathan Mayer said in the report. “Google and Vibrant Media intentionally circumvent Safari’s privacy feature.”
Google, the world’s biggest Internet-search company, has drawn regulatory scrutiny and pressure from consumer advocates for the way it handles person information. Last year it agreed to settle claims with the Federal Trade Commission that Google used deceptive tactics and violated its own privacy policies when it introduced its Buzz social-networking service in 2010.
In the Stanford study, Mayer said Google’s software employed cookies, or small pieces of code, that can be used to follow users’ activities on the Web. Blocking them is supposed to prevent the cookies from tracking behavior. The actions potentially affected millions of users, Mayer said. Safari is the top browser for mobile devices, with 55 percent of the market, according to January data from Net Applications.
Google’s actions also prompted Consumer Watchdog to send a letter to the FTC and demand action against Google.
“Safari users with the browser set to block third-party cookies thought they were not being tracked,” John Simpson, privacy project director of Consumer Watchdog, said in the letter. “Nonetheless, because of an element invisible to the user, but designed to mimic a form, DoubleClick was able to set tracking cookies in an obvious violation of the set preference.”
Google has started removing the advertising cookies from Safari browsers, Rachel Whetstone, senior vice president of communications and public policy at the Mountain View, California-based company, said in an e-mailed statement.
“It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information,” Whetstone said.
Google said it began to use the functions in the Safari browser last year to enable its “+1” feature, which lets surfers easily identify content that interests them. Google created a temporary communication link between its servers and Safari’s, so the company could know whether a user had signed up for +1, she said.
“But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous — effectively creating a barrier between their personal information and the Web content they browse,” she said. “However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen.”
Tom Neumayr, a spokesman for Cupertino, California-based Apple (AAPL), didn’t immediately respond to a request for comment. The findings of the Stanford study were reported earlier by the Wall Street Journal.
“Consumers are outraged at news reports today that Google used a work-around hack to ‘trick’ the Apple Safari browser into allowing the dominant Internet and advertising company to track the Web browsing habits of millions of Apple users,” said Steve Pociask, president of the American Consumer Institute, an organization in Washington.
Google shares fell less than 1 percent to $604.41 at 12:46 p.m. New York time. The shares had lost 6.1 percent this year before today.